Understanding and avoiding malvertizing attacks
Online advertisements can be an annoying interruption to our normal surfing behavior. However, they are often necessary because they serve as the main source of funding for the otherwise free websites we use every day. Have you ever wondered how those ads end up on your screen? Well, there’s a fascinating supply chain behind the ads, and it’s interesting to pick it apart.
Normally, a website that displays advertisements does not manually select the specific advertisements displayed on its platform. Instead, it chooses ad categories to block, allocates ad space, and then displays whatever ads the ad provider serves. Advertising providers are responsible for finding advertisers and websites to display their advertisements. But what if those advertisers aren’t legitimate? What if they are threat actors or scammers looking to lure potential victims with seemingly legitimate software or offers to help fix their computer? This malicious use of advertising is called malvertizing.
Malvertizing uses many of the same tactics as social engineering, relying heavily on persuasive language and striking images to stimulate a sense of urgency or fear. This encourages victims to act quickly without inspecting the legitimacy of the website linked in the ad. Malvertizing attacks are becoming increasingly sophisticated, with cybercriminals using trusted platforms such as Facebook and other social media networks to spread malicious content. By abusing the trust and reach of these platforms, attackers can reach a broader audience and potentially put more victims at risk. This also makes it harder for users to distinguish between legitimate and malicious ads.
Adding to the complexity, threat actors use techniques to mask their identities and evade detection. These can include social engineering tactics such as phishing, token theft, or infostealers to gain access to legitimate advertising accounts. By hijacking trusted accounts, attackers can bypass security measures designed to prevent malicious organizations from purchasing advertising space.
Leads threat operations and internal security at Huntress.
Three common types of malvertizing attacks that users should be aware of are:
Scam malvertizing: Attackers will display ads with language similar to “Your computer is infected, call us immediately to fix it!”. Once a victim calls, the scammers will typically convince their victim to install software to initiate a remote control session of the victim’s computer. They will then overwhelm the victim with disinformation, hoping to make them believe that the situation is too complex to understand, and then ask them to pay money to fix the non-existent security problem.
Fake installer malvertizing: A commonly used technique that delivers malware directly to the victim, posing a greater threat. Attackers disguise themselves as legitimate software vendors to deliver a modified version of the software that typically includes an infostealer or initial access mechanism. These attacks aim to catch victims while they are in a hurry to install the software. We often see QuickBooks used as a decoy, with attackers sponsoring malicious advertisements designed to appear next to legitimate QuickBooks links. The malicious ads then redirect to a cloned QuickBooks website that serves users a compromised installer. Similarly, fake browser extensions impersonate legitimate browser extensions, tricking users into installing them. Once installed, they can capture sensitive data including browsing history, passwords and credit card details, putting both individuals and businesses at significant risk.
Drive-by download malvertizing: These malicious ads require no viewer involvement; simply loading one in your browser is enough to install a new web extension or download malware. This tactic relies heavily on the victim not keeping their browser up to date and exploits previously known and patched vulnerabilities. There’s a reason why your browser is constantly asking you to update it; these updates keep the browser safe from newly discovered vulnerabilities. Keep your browser up to date and don’t make the job of attackers easier.
Avoid attacks
To avoid falling prey to malvertizing attacks such as scams, it is essential that you think critically before engaging with suspicious advertisements. If you receive an ad claiming that you are a victim and should ask for help, stop and ask if the claim makes sense on its face. How would this supplier know that there was a virus on your computer? Does Microsoft really have a department that proactively buys advertising space to inform its customers that there may be a virus on their computer? While answering these questions generally requires a certain level of technical acumen, there are also other clues that an ad may be a scam. Many of these scams claim to be technical support from Microsoft or their security team. Check where the ad takes you. If the domain isn’t www.microsoft.com, you can almost guarantee it’s a scam, especially if it’s accompanied by a message claiming it’s time-sensitive or extremely critical.
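The "check where the ad takes you" step can be automated, for example in a proxy or mail-gateway rule. The sketch below is an added example, not code from the article or its author; the `EXPECTED_DOMAINS` allowlist, the function names and the sample URLs are assumptions constructed for illustration, and it generalizes the article's www.microsoft.com check to any subdomain of the vendor's registered domain.

```javascript
// Added example. EXPECTED_DOMAINS is an assumed allowlist for illustration.
const EXPECTED_DOMAINS = { microsoft: ["microsoft.com"] };

// Decide whether an ad's landing URL really sits on the claimed brand's domain.
function checkLanding(rawUrl, brand) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser, the same rules a browser applies
  } catch {
    return { ok: false, host: null, reason: "unparseable URL" };
  }
  // The parser lowercases the host and encodes Unicode labels as punycode.
  const host = url.hostname.replace(/\.$/, "");
  const allowed = EXPECTED_DOMAINS[brand] || [];
  // Match the whole host or a subdomain on a label boundary, never a substring.
  const onBrand = allowed.some((d) => host === d || host.endsWith("." + d));
  if (onBrand) return { ok: true, host, reason: "host is on the brand's domain" };

  let reason = "host is not on the brand's domain";
  if (url.username) {
    reason = "text before '@' is userinfo; the real host is " + host;
  } else if (host.split(".").some((l) => l.startsWith("xn--"))) {
    reason = "punycode label, possible lookalike characters";
  } else if (allowed.some((d) => host.includes(d))) {
    reason = "brand domain appears inside another site's hostname";
  }
  return { ok: false, host, reason };
}

// Constructed sample landing URLs (not taken from real ads).
const SAMPLES = [
  "https://www.microsoft.com/en-us/security",
  "https://www.microsoft.com.support-fix.example/alert",
  "https://www.microsoft.com@support-fix.example/alert",
  "https://notmicrosoft.com/help",
  "https://www.m\u0456crosoft.com/", // Cyrillic letter in place of Latin "i"
];

function classifyAll(urls, brand) {
  return urls.map((u) => checkLanding(u, brand));
}

for (const r of classifyAll(SAMPLES, "microsoft")) {
  console.log(r.ok ? "OK     " : "SUSPECT", r.host, "-", r.reason);
}
```

Only the first sample passes; the others show the common ways a landing URL can contain the vendor's name without being on the vendor's domain.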
To avoid falling victim to malvertising, pay close attention, take a moment to consider an ad’s claims, make sure you are being directed to a legitimate site and click the ‘update’ button every time it appears in your browser. To defend against malvertising, advertising providers must implement stricter controls over advertisers and their content to ensure legitimacy. Additionally, employees should be trained to identify suspicious emails, websites, and online advertisements so they can avoid falling victim to these attacks. Threat actors are increasingly using legitimate tools maliciously, including advertisements. A healthy dose of skepticism never hurt anyone, so be careful the next time you see a suspicious ad and make sure it’s legitimate before clicking on it.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro